customize-monitoring.nix 1.33 KiB
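# Define a function which returns a value which fills in all the holes left by
# ``monitoring.nix``.
#
# NOTE(review): the listing this file was recovered from had lost the lines
# naming ``vpnClientIPs``, ``nodeExporterTargets``, ``nginxExporterTargets``
# and ``stateVersion`` as well as the ``}:`` / ``{`` separating the argument
# set from the body.  They are restored here from the names the body uses;
# confirm the argument list against the upstream file.
{
  # A set mapping VPN IP addresses as strings to lists of hostnames as
  # strings.  The system's ``/etc/hosts`` will be populated with this
  # information.
  hostsMap

  # See ``customize-issuer.nix``.
  #
  # ``monitoringvpnKeyDir`` is the directory ``server.key`` and
  # ``preshared.key`` are read from below; it is also handed to the VPN server
  # module as ``pubKeysPath``.
  #
  # NOTE(review): pass this as a string, not as a Nix path literal.
  # Interpolating a path value into a string copies the whole directory into
  # the Nix store, which is world-readable, and that copy would include the
  # private and preshared keys.  Confirm at the call site.
, monitoringvpnKeyDir
, monitoringvpnIPv4

  # XXX To be removed
  #
  # Only used as ``deployment.targetHost`` below, i.e. the address the
  # deployment tool connects to.
, publicIPv4

  # A list of VPN IP addresses as strings indicating which clients will be
  # allowed onto the VPN.
, vpnClientIPs

  # A list of VPN clients (IP addresses or hostnames) as strings indicating
  # which nodes to scrape metrics from.
, nodeExporterTargets

  # NOTE(review): no description survived for this argument; presumably the
  # nginx exporter counterpart of ``nodeExporterTargets`` -- confirm.
, nginxExporterTargets

  # A string giving the NixOS state version for the system.
, stateVersion

  # NOTE(review): added so that callers passing further grid-level arguments
  # keep evaluating; drop it if the upstream argument set is closed.
, ...
}: {
  deployment.targetHost = publicIPv4;

  # Key material is referenced by source path and left to the deployment tool
  # to deliver, rather than being embedded in the system configuration.
  #
  # NOTE(review): only ``source`` is set here.  Where the files land on the
  # target and with which owner and mode is decided elsewhere or by the
  # tool's defaults -- confirm they end up readable only by the VPN service.
  deployment.secrets = {
    "monitoringvpn-private-key".source = "${monitoringvpnKeyDir}/server.key";
    "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
  };

  # Populates ``/etc/hosts`` with the VPN address -> hostnames mapping.
  networking.hosts = hostsMap;

  services.private-storage.monitoring.vpn.server = {
    enable = true;
    ip = monitoringvpnIPv4;
    # The allow-list of client addresses for the VPN.
    inherit vpnClientIPs;
    # Same directory as the private key material above; see the note on
    # ``monitoringvpnKeyDir`` about passing it as a string.
    pubKeysPath = monitoringvpnKeyDir;
  };

  services.private-storage.monitoring.prometheus = {
    inherit nodeExporterTargets;
    inherit nginxExporterTargets;
  };

  system.stateVersion = stateVersion;
}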